Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-37146

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-28 Sep, 2021 | 12:08
Updated At-04 Aug, 2024 | 01:16
Rejected At-
Credits

An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:28 Sep, 2021 | 12:08
Updated At:04 Aug, 2024 | 01:16
Rejected At:
▼CVE Numbering Authority (CNA)

An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ros/ros_comm
x_refsource_MISC
https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
x_refsource_MISC
https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
x_refsource_MISC
Hyperlink: https://github.com/ros/ros_comm
Resource:
x_refsource_MISC
Hyperlink: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
Resource:
x_refsource_MISC
Hyperlink: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ros/ros_comm
x_refsource_MISC
x_transferred
https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
x_refsource_MISC
x_transferred
https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/ros/ros_comm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:28 Sep, 2021 | 13:15
Updated At:06 Oct, 2021 | 19:37

An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
ros
ros
>>ros-comm>>Versions up to 1.4.11(inclusive)
cpe:2.3:a:ros:ros-comm:*:*:*:*:*:*:*:*
ros
ros
>>ros-comm>>Versions from 1.15.0(inclusive) to 1.15.11(inclusive)
cpe:2.3:a:ros:ros-comm:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-835Primarynvd@nist.gov
CWE ID: CWE-835
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446cve@mitre.org
Vendor Advisory
https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447cve@mitre.org
Vendor Advisory
https://github.com/ros/ros_commcve@mitre.org
Third Party Advisory
Hyperlink: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://github.com/ros/ros_comm
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

303Records found
CVE-2023-38197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.95%
||
7 Day CHG~0.00%
Published-13 Jul, 2023 | 00:00
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.

Action-Not Available
Vendor-qtn/aqtFedora Project
Product-qtn/aqtfedora
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-53980
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.55% / 67.61%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 18:56
Updated-05 Sep, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spoofed length byte traps CC2538 in endless loop

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results into an endless loop on a CC2538 as receiver. Before PR #20998, the receiver would check for the location of the CRC bit using the packet length byte by considering all 8 bits, instead of discarding bit 7, which is what the radio does. This then results into reading outside of the RX FIFO. Although it prints an error when attempting to read outside of the RX FIFO, it will continue doing this. This may lead to a discrepancy in the CRC check according to the firmware and the radio. If the CPU judges the CRC as correct and the radio is set to `AUTO_ACK`, when the packet requests and acknowledgment the CPU will go into the state `CC2538_STATE_TX_ACK`. However, if the radio judged the CRC as incorrect, it will not send an acknowledgment, and thus the `TXACKDONE` event will not fire. It will then never return to the state `CC2538_STATE_READY` since the baseband processing is still disabled. Then the CPU will be in an endless loop. Since setting to idle is not forced, it won't do it if the radio's state is not `CC2538_STATE_READY`. A fix has not yet been made.

Action-Not Available
Vendor-riot-osRIOT-OSriot-os
Product-riotRIOTriot
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-2833
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.00%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 19:24
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Endless Infinite loop in Blender-thumnailing due to logical bugs.

Action-Not Available
Vendor-n/aBlender Foundation
Product-blenderBlender
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • Next
Details not found